SUSE 5002 Published by

The following security updates have been released for openSUSE and SUSE Linux Enterprise:

SUSE-SU-2023:4875-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2023:4871-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3)
SUSE-SU-2023:4867-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
SUSE-SU-2023:4872-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4)
SUSE-SU-2023:4848-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
SUSE-SU-2023:4649-1: important: Security update for openssl-3
SUSE-SU-2023:4659-1: moderate: Security update for curl
SUSE-SU-2023:4662-1: important: Security update for qemu
SUSE-SU-2023:4690-1: moderate: Security update for poppler
SUSE-SU-2023:4727-1: important: Security update for catatonit, containerd, runc
SUSE-SU-2023:4843-1: moderate: Security update for python3-cryptography
SUSE-SU-2023:4709-1: important: Security update for go1.21
SUSE-SU-2023:4730-1: important: Security update for the Linux Kernel
SUSE-SU-2023:4839-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3)
SUSE-SU-2023:4836-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3)
SUSE-SU-2023:4842-1: moderate: Security update for python-cryptography
SUSE-SU-2023:4782-1: important: Security update for the Linux Kernel
SUSE-SU-2023:4787-1: important: Security update for xorg-x11-server
SUSE-SU-2023:4791-1: important: Security update for xorg-x11-server
SUSE-SU-2023:4775-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5)
SUSE-SU-2023:4781-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)
SUSE-SU-2023:4788-1: important: Security update for xwayland



SUSE-SU-2023:4875-1: important: Security update for gstreamer-plugins-bad


# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4875-1
Rating: important
References:

* bsc#1217211

Cross-References:

* CVE-2023-44429

CVSS scores:

* CVE-2023-44429 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

* CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow
(bsc#1217211).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4875=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4875=1

* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4875=1

* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4875=1

## Package List:

* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgsttranscoder-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgstplayer-1_0-0-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-transcoder-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.12.1
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.12.1
* gstreamer-transcoder-devel-1.20.1-150400.3.12.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-transcoder-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.12.1
* libgstplay-1_0-0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.12.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-1.20.1-150400.3.12.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.12.1
* libgsttranscoder-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstva-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (x86_64)
* libgstva-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-32bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-32bit-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstplay-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-32bit-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.12.1
* libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-64bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-64bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstplay-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-64bit-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstva-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgstplayer-1_0-0-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* libgstplay-1_0-0-1.20.1-150400.3.12.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-1.20.1-150400.3.12.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.12.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-1.20.1-150400.3.12.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstva-1_0-0-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.12.1
* Desktop Applications Module 15-SP4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-44429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217211



SUSE-SU-2023:4871-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:4871-1
Rating: important
References:

* bsc#1215097
* bsc#1215442
* bsc#1215519

Cross-References:

* CVE-2023-2163
* CVE-2023-3777
* CVE-2023-4622

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_106 fixes several issues.

The following security issues were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4871=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4871=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_27-debugsource-11-150300.2.2
* kernel-livepatch-5_3_18-150300_59_106-default-11-150300.2.2
* kernel-livepatch-5_3_18-150300_59_106-default-debuginfo-11-150300.2.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_106-preempt-debuginfo-11-150300.2.2
* kernel-livepatch-5_3_18-150300_59_106-preempt-11-150300.2.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_106-default-11-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519



SUSE-SU-2023:4867-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:4867-1
Rating: important
References:

* bsc#1215097
* bsc#1215519

Cross-References:

* CVE-2023-2163
* CVE-2023-3777

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.

The following security issues were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4867=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4867=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4864=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4864=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_19-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_19-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-2-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_6-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_6-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-2-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215519



SUSE-SU-2023:4872-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:4872-1
Rating: important
References:

* bsc#1213584
* bsc#1215097
* bsc#1215442
* bsc#1215519
* bsc#1215971

Cross-References:

* CVE-2023-2163
* CVE-2023-3610
* CVE-2023-3777
* CVE-2023-4622
* CVE-2023-5345

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_81 fixes several issues.

The following security issues were fixed:

* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be
exploited to achieve local privilege escalation (bsc#1213584).
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215971)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4872=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4872=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_81-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_81-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213584
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
* https://bugzilla.suse.com/show_bug.cgi?id=1215971



SUSE-SU-2023:4848-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:4848-1
Rating: important
References:

* bsc#1213584
* bsc#1215097
* bsc#1215442
* bsc#1215519
* bsc#1215971

Cross-References:

* CVE-2023-2163
* CVE-2023-3610
* CVE-2023-3777
* CVE-2023-4622
* CVE-2023-5345

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues.

The following security issues were fixed:

* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be
exploited to achieve local privilege escalation (bsc#1213584).
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215971)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4857=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4857=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4848=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2023-4851=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2023-4858=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4859=1
SUSE-SLE-Module-Live-Patching-15-SP4-2023-4865=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2023-4856=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4851=1 SUSE-2023-4858=1 SUSE-2023-4859=1
SUSE-2023-4865=1 SUSE-2023-4856=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-12-150400.2.2
* kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-12-150400.2.2
* kernel-livepatch-5_14_21-150400_15_5-rt-12-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_14-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_13-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_6-debugsource-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_10-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_69-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_66-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_38-default-12-150400.2.2
* kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_8-debugsource-10-150400.2.2
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_14-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_13-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_6-debugsource-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_10-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_69-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_66-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_38-default-12-150400.2.2
* kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_8-debugsource-10-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213584
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
* https://bugzilla.suse.com/show_bug.cgi?id=1215971



SUSE-SU-2023:4649-1: important: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2023:4649-1
Rating: important
References:

* bsc#1194187
* bsc#1207472
* bsc#1216922

Cross-References:

* CVE-2023-5678

CVSS scores:

* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and has two security fixes can now be
installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH
keys that resulted in a possible Denial of Service (bsc#1216922).

Bug fixes:

* The default /etc/ssl/openssl3.cnf file will include any configuration files
that other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/.
* Create the two new necessary directores for the above. [bsc#1194187,
bsc#1207472]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4649=1 SUSE-2023-4649=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4649=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4649=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4649=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4649=1

* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4649=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4649=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4649=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-3-debugsource-3.0.8-150400.4.42.1
* libopenssl-3-devel-3.0.8-150400.4.42.1
* libopenssl3-3.0.8-150400.4.42.1
* openssl-3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl-3-devel-32bit-3.0.8-150400.4.42.1
* libopenssl3-32bit-debuginfo-3.0.8-150400.4.42.1
* libopenssl3-32bit-3.0.8-150400.4.42.1
* openSUSE Leap 15.4 (noarch)
* openssl-3-doc-3.0.8-150400.4.42.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150400.4.42.1
* libopenssl-3-devel-64bit-3.0.8-150400.4.42.1
* libopenssl3-64bit-debuginfo-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.42.1
* libopenssl-3-devel-3.0.8-150400.4.42.1
* libopenssl3-3.0.8-150400.4.42.1
* openssl-3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194187
* https://bugzilla.suse.com/show_bug.cgi?id=1207472
* https://bugzilla.suse.com/show_bug.cgi?id=1216922



SUSE-SU-2023:4659-1: moderate: Security update for curl


# Security update for curl

Announcement ID: SUSE-SU-2023:4659-1
Rating: moderate
References:

* bsc#1217573
* bsc#1217574

Cross-References:

* CVE-2023-46218
* CVE-2023-46219

CVSS scores:

* CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-46218 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-46219 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
* CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4659=1 openSUSE-SLE-15.4-2023-4659=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4659=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4659=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4659=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4659=1

* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4659=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4659=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* openSUSE Leap 15.4 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
* libcurl-devel-32bit-8.0.1-150400.5.36.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libcurl4-64bit-8.0.1-150400.5.36.1
* libcurl4-64bit-debuginfo-8.0.1-150400.5.36.1
* libcurl-devel-64bit-8.0.1-150400.5.36.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* openSUSE Leap 15.5 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
* libcurl-devel-32bit-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* Basesystem Module 15-SP4 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* Basesystem Module 15-SP5 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46218.html
* https://www.suse.com/security/cve/CVE-2023-46219.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217573
* https://bugzilla.suse.com/show_bug.cgi?id=1217574



SUSE-SU-2023:4662-1: important: Security update for qemu


# Security update for qemu

Announcement ID: SUSE-SU-2023:4662-1
Rating: important
References:

* bsc#1188609
* bsc#1212850
* bsc#1213210
* bsc#1213925
* bsc#1215311

Cross-References:

* CVE-2021-3638
* CVE-2023-3180
* CVE-2023-3354

CVSS scores:

* CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
* CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3354 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3354 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities and has two security fixes can now
be installed.

## Description:

This update for qemu fixes the following issues:

* CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt
(bsc#1188609)
* CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym
request (bsc#1213925)
* CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake
(bsc#1212850)
* [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41
(bsc#1215311)
* target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
* linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4662=1 openSUSE-SLE-15.5-2023-4662=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4662=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4662=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4662=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* qemu-extra-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2
* qemu-audio-spice-7.1.0-150500.49.9.2
* qemu-tools-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-7.1.0-150500.49.9.2
* qemu-ppc-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-curses-7.1.0-150500.49.9.2
* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-block-nfs-debuginfo-7.1.0-150500.49.9.2
* qemu-7.1.0-150500.49.9.2
* qemu-arm-7.1.0-150500.49.9.2
* qemu-block-dmg-7.1.0-150500.49.9.2
* qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-vhost-user-gpu-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2
* qemu-arm-debuginfo-7.1.0-150500.49.9.2
* qemu-chardev-baum-7.1.0-150500.49.9.2
* qemu-block-dmg-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-qtest-debuginfo-7.1.0-150500.49.9.2
* qemu-chardev-spice-7.1.0-150500.49.9.2
* qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-gtk-7.1.0-150500.49.9.2
* qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2
* qemu-extra-7.1.0-150500.49.9.2
* qemu-linux-user-debugsource-7.1.0-150500.49.9.1
* qemu-headless-7.1.0-150500.49.9.2
* qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2
* qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2
* qemu-s390x-debuginfo-7.1.0-150500.49.9.2
* qemu-linux-user-debuginfo-7.1.0-150500.49.9.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2
* qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.9.2
* qemu-ksm-7.1.0-150500.49.9.2
* qemu-guest-agent-7.1.0-150500.49.9.2
* qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-oss-7.1.0-150500.49.9.2
* qemu-audio-dbus-7.1.0-150500.49.9.2
* qemu-block-ssh-7.1.0-150500.49.9.2
* qemu-linux-user-7.1.0-150500.49.9.1
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-pa-7.1.0-150500.49.9.2
* qemu-audio-jack-7.1.0-150500.49.9.2
* qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-spice-core-7.1.0-150500.49.9.2
* qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-host-7.1.0-150500.49.9.2
* qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2
* qemu-block-iscsi-7.1.0-150500.49.9.2
* qemu-ui-spice-app-7.1.0-150500.49.9.2
* qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-smartcard-7.1.0-150500.49.9.2
* qemu-ppc-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-7.1.0-150500.49.9.2
* qemu-block-gluster-debuginfo-7.1.0-150500.49.9.2
* qemu-lang-7.1.0-150500.49.9.2
* qemu-ivshmem-tools-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-7.1.0-150500.49.9.2
* qemu-s390x-7.1.0-150500.49.9.2
* qemu-audio-oss-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-7.1.0-150500.49.9.2
* qemu-audio-alsa-7.1.0-150500.49.9.2
* qemu-tools-7.1.0-150500.49.9.2
* qemu-ui-dbus-7.1.0-150500.49.9.2
* qemu-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-x86-7.1.0-150500.49.9.2
* qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-opengl-7.1.0-150500.49.9.2
* qemu-block-nfs-7.1.0-150500.49.9.2
* qemu-audio-jack-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2
* qemu-accel-qtest-7.1.0-150500.49.9.2
* qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2
* qemu-block-gluster-7.1.0-150500.49.9.2
* openSUSE Leap 15.5 (s390x x86_64 i586)
* qemu-kvm-7.1.0-150500.49.9.2
* openSUSE Leap 15.5 (noarch)
* qemu-microvm-7.1.0-150500.49.9.2
* qemu-sgabios-8-150500.49.9.2
* qemu-ipxe-1.0.0+-150500.49.9.2
* qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-skiboot-7.1.0-150500.49.9.2
* qemu-SLOF-7.1.0-150500.49.9.2
* qemu-seabios-1.16.0_0_gd239552-150500.49.9.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2
* qemu-block-rbd-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-7.1.0-150500.49.9.2
* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2
* qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-guest-agent-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-7.1.0-150500.49.9.2
* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-tools-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-opengl-7.1.0-150500.49.9.2
* qemu-tools-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2
* qemu-ui-spice-core-7.1.0-150500.49.9.2
* qemu-chardev-spice-7.1.0-150500.49.9.2
* qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2
* qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (aarch64)
* qemu-arm-debuginfo-7.1.0-150500.49.9.2
* qemu-arm-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (noarch)
* qemu-seabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-sgabios-8-150500.49.9.2
* qemu-ipxe-1.0.0+-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (s390x)
* qemu-s390x-7.1.0-150500.49.9.2
* qemu-s390x-debuginfo-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-7.1.0-150500.49.9.2
* qemu-x86-7.1.0-150500.49.9.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* qemu-tools-7.1.0-150500.49.9.2
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-tools-debuginfo-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2
* qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2
* qemu-lang-7.1.0-150500.49.9.2
* qemu-7.1.0-150500.49.9.2
* qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-ksm-7.1.0-150500.49.9.2
* qemu-guest-agent-7.1.0-150500.49.9.2
* qemu-block-rbd-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-audio-dbus-7.1.0-150500.49.9.2
* qemu-block-ssh-7.1.0-150500.49.9.2
* qemu-chardev-baum-7.1.0-150500.49.9.2
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-dbus-7.1.0-150500.49.9.2
* qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-7.1.0-150500.49.9.2
* qemu-hw-usb-host-7.1.0-150500.49.9.2
* qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2
* qemu-block-iscsi-7.1.0-150500.49.9.2
* qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2
* qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-curses-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (aarch64)
* qemu-arm-debuginfo-7.1.0-150500.49.9.2
* qemu-arm-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (aarch64 ppc64le x86_64)
* qemu-chardev-spice-7.1.0-150500.49.9.2
* qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-gtk-7.1.0-150500.49.9.2
* qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-7.1.0-150500.49.9.2
* qemu-ui-spice-app-7.1.0-150500.49.9.2
* qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-7.1.0-150500.49.9.2
* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-opengl-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2
* qemu-ui-spice-core-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (noarch)
* qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-ipxe-1.0.0+-150500.49.9.2
* qemu-sgabios-8-150500.49.9.2
* qemu-skiboot-7.1.0-150500.49.9.2
* qemu-SLOF-7.1.0-150500.49.9.2
* qemu-seabios-1.16.0_0_gd239552-150500.49.9.2
* Server Applications Module 15-SP5 (ppc64le)
* qemu-ppc-debuginfo-7.1.0-150500.49.9.2
* qemu-ppc-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (s390x x86_64)
* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2
* qemu-kvm-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (s390x)
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2
* qemu-s390x-7.1.0-150500.49.9.2
* qemu-s390x-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (x86_64)
* qemu-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-pa-7.1.0-150500.49.9.2
* qemu-x86-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-alsa-7.1.0-150500.49.9.2
* qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-7.1.0-150500.49.9.2
* qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2

## References:

* https://www.suse.com/security/cve/CVE-2021-3638.html
* https://www.suse.com/security/cve/CVE-2023-3180.html
* https://www.suse.com/security/cve/CVE-2023-3354.html
* https://bugzilla.suse.com/show_bug.cgi?id=1188609
* https://bugzilla.suse.com/show_bug.cgi?id=1212850
* https://bugzilla.suse.com/show_bug.cgi?id=1213210
* https://bugzilla.suse.com/show_bug.cgi?id=1213925
* https://bugzilla.suse.com/show_bug.cgi?id=1215311



SUSE-SU-2023:4690-1: moderate: Security update for poppler


# Security update for poppler

Announcement ID: SUSE-SU-2023:4690-1
Rating: moderate
References:

* bsc#1120956

Cross-References:

* CVE-2018-20662

CVSS scores:

* CVE-2018-20662 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-20662 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2018-20662 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS
because of a wrong return value from PDFDoc:setup (bsc#1120956).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4690=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libpoppler73-debuginfo-0.62.0-150000.4.34.1
* libpoppler73-0.62.0-150000.4.34.1
* openSUSE Leap 15.4 (x86_64)
* libpoppler73-32bit-debuginfo-0.62.0-150000.4.34.1
* libpoppler73-32bit-0.62.0-150000.4.34.1

## References:

* https://www.suse.com/security/cve/CVE-2018-20662.html
* https://bugzilla.suse.com/show_bug.cgi?id=1120956



SUSE-SU-2023:4727-1: important: Security update for catatonit, containerd, runc


# Security update for catatonit, containerd, runc

Announcement ID: SUSE-SU-2023:4727-1
Rating: important
References:

* bsc#1200528

Cross-References:

* CVE-2022-1996

CVSS scores:

* CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update of runc and containerd fixes the following issues:

containerd:

* Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8

* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)

catatonit:

* Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.

* Update to catatont v0.1.7

* This release adds the ability for catatonit to be used as the only process
in a pause container, by passing the -P flag (in this mode no subprocess is
spawned and thus no signal forwarding is done).

* Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such
as passing file descriptors).

runc:

* Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4727=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4727=1

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4727=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4727=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4727=1

* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4727=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4727=1

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4727=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4727=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4727=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4727=1

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4727=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4727=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4727=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4727=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4727=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4727=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4727=1

* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4727=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* containerd-devel-1.7.8-150000.103.1
* containerd-1.7.8-150000.103.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* containerd-devel-1.7.8-150000.103.1
* containerd-1.7.8-150000.103.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* containerd-devel-1.7.8-150000.103.1
* containerd-1.7.8-150000.103.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE CaaS Platform 4.0 (x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1

## References:

* https://www.suse.com/security/cve/CVE-2022-1996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200528



SUSE-SU-2023:4843-1: moderate: Security update for python3-cryptography


# Security update for python3-cryptography

Announcement ID: SUSE-SU-2023:4843-1
Rating: moderate
References:

* bsc#1217592

Cross-References:

* CVE-2023-49083

CVSS scores:

* CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python3-cryptography fixes the following issues:

* CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates
from a PKCS#7 bundle (bsc#1217592).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4843=1 SUSE-2023-4843=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4843=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4843=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4843=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4843=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4843=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4843=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4843=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4843=1

* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4843=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4843=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49083.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217592



SUSE-SU-2023:4709-1: important: Security update for go1.21


# Security update for go1.21

Announcement ID: SUSE-SU-2023:4709-1
Rating: important
References:

* bsc#1212475
* bsc#1216943
* bsc#1217833
* bsc#1217834

Cross-References:

* CVE-2023-39326
* CVE-2023-45284
* CVE-2023-45285

CVSS scores:

* CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.21 fixes the following issues:

Update to go1.21.5:

* CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme
(bsc#1217834).
* CVE-2023-45284: path/filepath: Clean removes ending slash for volume on
Windows in Go 1.21.4 (bsc#1216943).
* CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
* cmd/go: go mod download needs to support toolchain upgrades
* cmd/compile: invalid pointer found on stack when compiled with -race
* os: NTFS deduped file changed from regular to irregular
* net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux
kernel < 5.1
* cmd/compile: internal compiler error: panic during prove while compiling:
unexpected induction with too many parents
* syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
* runtime: self-deadlock on mheap_.lock
* crypto/rand: Legacy RtlGenRandom use on Windows

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4709=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4709=1

* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4709=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4709=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39326.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://www.suse.com/security/cve/CVE-2023-45285.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1217833
* https://bugzilla.suse.com/show_bug.cgi?id=1217834



SUSE-SU-2023:4730-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4730-1
Rating: important
References:

* bsc#1084909
* bsc#1207948
* bsc#1210447
* bsc#1214286
* bsc#1214700
* bsc#1214840
* bsc#1214976
* bsc#1215123
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1215802
* bsc#1215931
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216527
* bsc#1216584
* bsc#1216687
* bsc#1216693
* bsc#1216759
* bsc#1216788
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217095
* bsc#1217124
* bsc#1217140
* bsc#1217147
* bsc#1217195
* bsc#1217196
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217511
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237

Cross-References:

* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5633
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176

CVSS scores:

* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves 13 vulnerabilities, contains three features and has 38
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were
handled when they were being used to store a surface (bsc#1216527).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).

The following non-security bugs were fixed:

* ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
* ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
* ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
* ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes).
* ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes).
* ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
* ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
* ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git-
fixes).
* ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
* ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
* ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
* ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
* ALSA: info: Fix potential deadlock at disconnection (git-fixes).
* ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices
(git-fixes).
* ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
* ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran
(git-fixes).
* ASoC: ams-delta.c: use component after check (git-fixes).
* ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
* ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
* ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
described (git-fixes).
* ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
* ASoC: rt5650: fix the wrong result of key button (git-fixes).
* ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
* Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
* Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-
fixes).
* Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-
fixes).
* Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
* Documentation: networking: correct possessive "its" (bsc#1215458).
* Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-
fixes).
* Fix termination state for idr_for_each_entry_ul() (git-fixes).
* HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
* HID: hyperv: Replace one-element array with flexible-array member (git-
fixes).
* HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
* HID: hyperv: remove unused struct synthhid_msg (git-fixes).
* HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only
(git-fixes).
* HID: logitech-hidpp: Move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
* HID: logitech-hidpp: Revert "Do not restart communication if not necessary"
(git-fixes).
* Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-
fixes).
* Input: xpad - add VID for Turtle Beach controllers (git-fixes).
* NFS: Fix access to page->mapping (bsc#1216788).
* PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
* PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
* PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
* PCI: Extract ATS disabling to a helper function (bsc#1215458).
* PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-
fixes).
* PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
* PCI: Use FIELD_GET() to extract Link Width (git-fixes).
* PCI: exynos: Do not discard .remove() callback (git-fixes).
* PCI: keystone: Do not discard .probe() callback (git-fixes).
* PCI: keystone: Do not discard .remove() callback (git-fixes).
* PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-
fixes).
* PCI: vmd: Correct PCI Header Type Register's multi-function check (git-
fixes).
* PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
* PM: hibernate: Use __get_safe_page() rather than touching the list (git-
fixes).
* USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
* USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
* USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* USB: serial: option: add Fibocom L7xx modules (git-fixes).
* USB: serial: option: add Luat Air72*U series products (git-fixes).
* USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
* USB: serial: option: fix FM101R-GL defines (git-fixes).
* USB: usbip: fix stub_dev hub disconnect (git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: Add Cortex-A520 CPU part definition (git-fixes)
* arm64: allow kprobes on EL0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass ESR_ELx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out EL1 SSBS emulation hook (git-fixes)
* arm64: report EL1 UNDEFs better (git-fixes)
* arm64: rework BTI exception handling (git-fixes)
* arm64: rework EL0 MRS emulation (git-fixes)
* arm64: rework FPAC exception handling (git-fixes)
* arm64: split EL0/EL1 UNDEF handlers (git-fixes)
* ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
* atl1c: Work around the DMA RX overflow issue (git-fixes).
* atm: iphase: Do PCI error checks on own line (git-fixes).
* blk-mq: Do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: Add device 0bda:887b to device tables (git-fixes).
* bluetooth: Add device 13d3:3571 to device tables (git-fixes).
* btrfs: always log symlinks in full mode (bsc#1214840).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
* can: isotp: set max PDU size to 64 kByte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: Fix comment (git-fixes).
* clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name (git-fixes).
* clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
* clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
* clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: Fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
* clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
* clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clk: ti: change ti_clk_register_omap_hw API (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
(git-fixes).
* clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes).
* crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
* dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
* drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
(git-fixes).
* drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
* drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-
fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
* drm/amd: Move helper for dynamic speed switch check out of smu13 (git-
fixes).
* drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
(git-fixes).
* drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
(git-fixes).
* drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Reserve fences for VM update (git-fixes).
* drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-
fixes).
* drm/amdgpu: do not use ATRM for external devices (git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes).
* drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
* drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: tc358768: Clean up clock period code (git-fixes).
* drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: Fix bit updates (git-fixes).
* drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes).
* drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
* drm/bridge: tc358768: Print logical values, not raw register values (git-
fixes).
* drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes).
* drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes).
* drm/bridge: tc358768: Use struct videomode (git-fixes).
* drm/bridge: tc358768: remove unused variable (git-fixes).
* drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git-
fixes).
* drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes).
* drm/gud: Use size_add() in call to struct_size() (git-fixes).
* drm/i915: Fix potential spectre vulnerability (git-fixes).
* drm/i915: Flush WC GGTT only on required platforms (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
(git-fixes).
* drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: Create devm device attachment (git-fixes).
* drm/mipi-dsi: Create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
* drm/msm/dsi: free TX buffer in unbind (git-fixes).
* drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
* drm/panel: st7703: Pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: fix a possible null pointer dereference (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-
fixes).
* drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
* drm/ttm: Reorder sys manager cleanup step (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527)
* drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527)
* drm: bridge: it66121: Fix invalid connector dereference (git-fixes).
* drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: omapfb: Drop unused remove function (git-fixes).
* fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git-
fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* gpu: host1x: Correct allocated size for contexts (git-fixes).
* hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-
fixes).
* hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
* hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
* i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: Fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-
fixes).
* i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix wrong data return when IBI happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
* idpf: add RX splitq napi poll support (bsc#1215458).
* idpf: add SRIOV support and other ndo_ops (bsc#1215458).
* idpf: add TX splitq napi poll support (bsc#1215458).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and MAC filter support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for RX queues (bsc#1215458).
* idpf: configure resources for TX queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
* leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: Do not use SMBUS calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: Correctly initialise try compose rectangle (git-fixes).
* media: ccs: Fix driver quirk struct documentation (git-fixes).
* media: cedrus: Fix clock/reset sequence (git-fixes).
* media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: Fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: Drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: Add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: Add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-
fixes).
* mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: Fix double put in dln2_probe (git-fixes).
* misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237,
git-fixes).
* mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
* mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
* mmc: block: Retry commands in CQE error recovery (git-fixes).
* mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
* mmc: cqhci: Increase recovery halt timeout (git-fixes).
* mmc: cqhci: Warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
* mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-
fixes).
* mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-
fixes).
* mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
* mtd: rawnand: arasan: Include ECC syndrome along with in-band data while
checking for ECC failure (git-fixes).
* net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
* net: Avoid address overwrite in kernel_connect (bsc#1216861).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: mana: Fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* nvme: update firmware version after commit (bsc#1215292).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86/intel-uncore-freq: Return error on write frequency
(bsc#1217147).
* platform/x86/intel-uncore-freq: Split common and enumeration part
(bsc#1217147).
* platform/x86/intel-uncore-freq: Support for cluster level controls
(bsc#1217147).
* platform/x86/intel-uncore-freq: Uncore frequency control via TPMI
(bsc#1217147).
* platform/x86/intel-uncore-freq: tpmi: Provide cluster level control
(bsc#1217147).
* platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature
drivers (bsc#1217147).
* platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147).
* platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147).
* platform/x86/intel/uncore-freq: Display uncore current frequency
(bsc#1217147).
* platform/x86/intel/uncore-freq: Move to uncore-frequency folder
(bsc#1217147).
* platform/x86/intel/uncore-freq: Use sysfs API to create attributes
(bsc#1217147).
* platform/x86/intel/vsec: Add TPMI ID (bsc#1217147).
* platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux()
(bsc#1217147).
* platform/x86/intel/vsec: Support private data (bsc#1217147).
* platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free()
(bsc#1217147).
* platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147).
* platform/x86/intel: tpmi: Fix double free in tpmi_create_device()
(bsc#1217147).
* platform/x86: intel-uncore-freq: Add client processors (bsc#1217147).
* platform/x86: intel-uncore-freq: Conditionally create attribute for read
frequency (bsc#1217147).
* platform/x86: intel-uncore-freq: Prevent driver loading in guests
(bsc#1217147).
* platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf()
(bsc#1217147).
* platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes
(bsc#1217147).
* platform/x86: intel-uncore-frequency: Move to intel sub-directory
(bsc#1217147).
* platform/x86: intel-uncore-frequency: use default_groups in kobj_type
(bsc#1217147).
* platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-
fixes).
* platform/x86: wmi: Fix opening of char device (git-fixes).
* platform/x86: wmi: Fix probe failure when failing to register WMI devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* powerpc/perf/hv-24x7: Update domain value check (bsc#1215931).
* powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687
ltc#203927).
* powerpc: Do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: Fix double shift bug (git-fixes).
* pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
* pwm: sti: Reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
* regmap: Ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* s390/ap: fix AP bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (LTC#203997
bsc#1217086).
* s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for ERP requests (git-fixes
bsc#1217598).
* s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes
bsc#1217511).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(LTC#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(LTC#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217599).
* sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
* sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
* sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: Correct maximum PCI function value for RAS fw logging
(bsc#1217731).
* scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: Enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: Fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
* scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV
ports (bsc#1217124).
* scsi: lpfc: Remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
* scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: Fix ksft print formats (git-fixes).
* selftests/resctrl: Ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-
fixes).
* selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial
cards" (git-fixes).
* serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
* tty: 8250: Add support for Brainboxes UP cards (git-fixes).
* tty: 8250: Add support for Intashield IS-100 (git-fixes).
* tty: 8250: Add support for Intashield IX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
* tty: 8250: Fix port count of PX-257 (git-fixes).
* tty: 8250: Fix up PX-803/PX-857 (git-fixes).
* tty: 8250: Remove UC-257 and UC-431 (git-fixes).
* tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
* usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
* usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
* usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
* usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc3: Fix default mode initialization (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility (git-fixes).
* usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: Do not touch the CE interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix gtk offload status event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
* wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700).
* x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
* x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-
fixes).
* x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
* x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-
fixes).
* x86/sev: Fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-
fixes).
* x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert AGF log flags to unsigned (git-fixes).
* xfs: convert AGI log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize AG block number formatting in ftrace output (git-fixes).
* xfs: standardize AG number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: Enable RPM on controllers that support low-power states (git-fixes).
* xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4730=1 openSUSE-SLE-15.5-2023-4730=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4730=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4730=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4730=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4730=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4730=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4730=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4730=1

## Package List:

* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (noarch)
* kernel-macros-5.14.21-150500.55.39.1
* kernel-source-vanilla-5.14.21-150500.55.39.1
* kernel-devel-5.14.21-150500.55.39.1
* kernel-source-5.14.21-150500.55.39.1
* kernel-docs-html-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150500.55.39.1
* kernel-debug-debuginfo-5.14.21-150500.55.39.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.39.1
* kernel-debug-devel-5.14.21-150500.55.39.1
* kernel-debug-devel-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-5.14.21-150500.55.39.1
* kernel-debug-vdso-5.14.21-150500.55.39.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.39.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.39.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.39.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150500.55.39.1.150500.6.17.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
* kernel-kvmsmall-devel-5.14.21-150500.55.39.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.39.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.39.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.39.1
* kernel-obs-build-5.14.21-150500.55.39.1
* cluster-md-kmp-default-5.14.21-150500.55.39.1
* kernel-default-devel-5.14.21-150500.55.39.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.39.1
* gfs2-kmp-default-5.14.21-150500.55.39.1
* ocfs2-kmp-default-5.14.21-150500.55.39.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-livepatch-devel-5.14.21-150500.55.39.1
* kernel-default-extra-5.14.21-150500.55.39.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.39.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.39.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-optional-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-livepatch-5.14.21-150500.55.39.1
* kernel-obs-build-debugsource-5.14.21-150500.55.39.1
* kselftests-kmp-default-5.14.21-150500.55.39.1
* kernel-obs-qa-5.14.21-150500.55.39.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-syms-5.14.21-150500.55.39.1
* reiserfs-kmp-default-5.14.21-150500.55.39.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.39.1
* dlm-kmp-default-5.14.21-150500.55.39.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_39-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_8-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.39.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64)
* dtb-apple-5.14.21-150500.55.39.1
* dtb-nvidia-5.14.21-150500.55.39.1
* dtb-freescale-5.14.21-150500.55.39.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.39.1
* dtb-marvell-5.14.21-150500.55.39.1
* dtb-altera-5.14.21-150500.55.39.1
* dtb-hisilicon-5.14.21-150500.55.39.1
* dtb-rockchip-5.14.21-150500.55.39.1
* dlm-kmp-64kb-5.14.21-150500.55.39.1
* dtb-sprd-5.14.21-150500.55.39.1
* dtb-apm-5.14.21-150500.55.39.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-debugsource-5.14.21-150500.55.39.1
* gfs2-kmp-64kb-5.14.21-150500.55.39.1
* dtb-socionext-5.14.21-150500.55.39.1
* ocfs2-kmp-64kb-5.14.21-150500.55.39.1
* dtb-renesas-5.14.21-150500.55.39.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* dtb-lg-5.14.21-150500.55.39.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.39.1
* kselftests-kmp-64kb-5.14.21-150500.55.39.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* dtb-amlogic-5.14.21-150500.55.39.1
* dtb-amazon-5.14.21-150500.55.39.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* cluster-md-kmp-64kb-5.14.21-150500.55.39.1
* kernel-64kb-extra-5.14.21-150500.55.39.1
* dtb-mediatek-5.14.21-150500.55.39.1
* dtb-allwinner-5.14.21-150500.55.39.1
* dtb-cavium-5.14.21-150500.55.39.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-optional-5.14.21-150500.55.39.1
* dtb-arm-5.14.21-150500.55.39.1
* dtb-broadcom-5.14.21-150500.55.39.1
* dtb-qcom-5.14.21-150500.55.39.1
* reiserfs-kmp-64kb-5.14.21-150500.55.39.1
* dtb-exynos-5.14.21-150500.55.39.1
* kernel-64kb-devel-5.14.21-150500.55.39.1
* dtb-amd-5.14.21-150500.55.39.1
* dtb-xilinx-5.14.21-150500.55.39.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debugsource-5.14.21-150500.55.39.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-devel-5.14.21-150500.55.39.1
* kernel-64kb-debuginfo-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-default-devel-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.39.1
* kernel-macros-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.39.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.39.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.39.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-syms-5.14.21-150500.55.39.1
* kernel-obs-build-debugsource-5.14.21-150500.55.39.1
* kernel-obs-build-5.14.21-150500.55.39.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.39.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* reiserfs-kmp-default-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* kernel-default-livepatch-5.14.21-150500.55.39.1
* kernel-livepatch-5_14_21-150500_55_39-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_8-debugsource-1-150500.11.3.1
* kernel-default-livepatch-devel-5.14.21-150500.55.39.1
* kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-1-150500.11.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* cluster-md-kmp-default-5.14.21-150500.55.39.1
* dlm-kmp-default-5.14.21-150500.55.39.1
* ocfs2-kmp-default-5.14.21-150500.55.39.1
* gfs2-kmp-default-5.14.21-150500.55.39.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.39.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.39.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5633.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214700
* https://bugzilla.suse.com/show_bug.cgi?id=1214840
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215123
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1215802
* https://bugzilla.suse.com/show_bug.cgi?id=1215931
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216527
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216687
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216788
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217095
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217147
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217196
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217511
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237



SUSE-SU-2023:4839-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:4839-1
Rating: important
References:

* bsc#1215097
* bsc#1215519

Cross-References:

* CVE-2023-2163
* CVE-2023-3777

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues.

The following security issues were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4839=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4839=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-3-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_37-debugsource-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_138-preempt-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215519



SUSE-SU-2023:4836-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:4836-1
Rating: important
References:

* bsc#1215097
* bsc#1215442
* bsc#1215519

Cross-References:

* CVE-2023-2163
* CVE-2023-3777
* CVE-2023-4622

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_133 fixes several issues.

The following security issues were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4837=1 SUSE-2023-4838=1 SUSE-2023-4846=1
SUSE-2023-4836=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4837=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2023-4838=1 SUSE-SLE-Module-Live-
Patching-15-SP3-2023-4846=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4836=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_36-debugsource-3-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_26-debugsource-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_29-debugsource-10-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_30-debugsource-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_101-default-debuginfo-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_115-default-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_112-default-debuginfo-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_115-preempt-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_115-preempt-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_112-preempt-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_112-preempt-debuginfo-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_101-preempt-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_133-preempt-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_101-preempt-debuginfo-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_133-preempt-debuginfo-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519



SUSE-SU-2023:4842-1: moderate: Security update for python-cryptography


# Security update for python-cryptography

Announcement ID: SUSE-SU-2023:4842-1
Rating: moderate
References:

* bsc#1217592

Cross-References:

* CVE-2023-49083

CVSS scores:

* CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Python 3 Module 15-SP4
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates
from a PKCS#7 bundle (bsc#1217592).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4842=1 openSUSE-SLE-15.4-2023-4842=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4842=1

* Python 3 Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4842=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4842=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
* Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49083.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217592



SUSE-SU-2023:4782-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4782-1
Rating: important
References:

* bsc#1210447
* bsc#1214286
* bsc#1214976
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216584
* bsc#1216693
* bsc#1216759
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217124
* bsc#1217140
* bsc#1217195
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237

Cross-References:

* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176

CVSS scores:

* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 12 vulnerabilities, contains three features and has 25
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).

The following non-security bugs were fixed:

* acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
* acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
* acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
* alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
* alsa: hda/realtek: add quirks for hp laptops (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
* alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
* alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
* alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
* alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
* alsa: info: fix potential deadlock at disconnection (git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: add cortex-a520 cpu part definition (git-fixes)
* arm64: allow kprobes on el0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass esr_elx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out el1 ssbs emulation hook (git-fixes)
* arm64: report el1 undefs better (git-fixes)
* arm64: rework bti exception handling (git-fixes)
* arm64: rework el0 mrs emulation (git-fixes)
* arm64: rework fpac exception handling (git-fixes)
* arm64: split el0/el1 undef handlers (git-fixes)
* arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* asoc: ams-delta.c: use component after check (git-fixes).
* asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
* asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
* asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not
described (git-fixes).
* asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
* asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
* asoc: rt5650: fix the wrong result of key button (git-fixes).
* asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
* ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
* atl1c: work around the dma rx overflow issue (git-fixes).
* atm: iphase: do pci error checks on own line (git-fixes).
* blk-mq: do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: add device 0bda:887b to device tables (git-fixes).
* bluetooth: add device 13d3:3571 to device tables (git-fixes).
* bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
* bluetooth: btusb: add date->evt_skb is null check (git-fixes).
* bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-
fixes).
* bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-
fixes).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -einval on incorrect can id formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
* can: isotp: set max pdu size to 64 kbyte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: fix comment (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
* clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
* clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
* clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
* clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
* clk: sanitize possible_parent_show to handle return value of
of_clk_get_parent_name (git-fixes).
* clk: scmi: free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: change ti_clk_register_omap_hw api (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
* disable loongson drivers loongson is a mips architecture, it does not make
sense to build loongson drivers on other architectures.
* dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* docs: net: move the probe and open/close sections of driver.rst up
(bsc#1215458).
* docs: net: reformat driver.rst from a list to sections (bsc#1215458).
* docs: net: use c syntax highlight in driver.rst (bsc#1215458).
* documentation: networking: correct possessive "its" (bsc#1215458).
* drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-
fixes).
* drm/amd/display: avoid null dereference of timing generator (git-fixes).
* drm/amd/display: change the dmcub mailbox memory location from fb to inbox
(git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-
fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
* drm/amdgpu: do not use atrm for external devices (git-fixes).
* drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null
(git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: fix bit updates (git-fixes).
* drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
* drm/gud: use size_add() in call to struct_size() (git-fixes).
* drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
* drm/i915: fix potential spectre vulnerability (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: fix iommu fault by swapping fbs after updating plane state
(git-fixes).
* drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: create devm device attachment (git-fixes).
* drm/mipi-dsi: create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
* drm/panel: st7703: pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-
fixes).
* drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* ensure ia32_emulation is always enabled for kernel-obs-build if
ia32_emulation is disabled by default, ensure it is enabled back for obs
kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the
parameter, no need to grep through the config which may not be very
reliable]
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: omapfb: drop unused remove function (git-fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* fix termination state for idr_for_each_entry_ul() (git-fixes).
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
* hid: cp2112: fix duplicate workqueue initialization (git-fixes).
* hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
* hid: hyperv: remove unused struct synthhid_msg (git-fixes).
* hid: hyperv: replace one-element array with flexible-array member (git-
fixes).
* hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* hid: logitech-hidpp: do not restart io, instead defer hid_connect() only
(git-fixes).
* hid: logitech-hidpp: move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
* hid: logitech-hidpp: revert "do not restart communication if not necessary"
(git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
* hv_netvsc: fix race of register_netdevice_notifier and vf register (git-
fixes).
* hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
* hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
* i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: disable tx_empty irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
* i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
* i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-
fixes).
* i3c: master: svc: fix wrong data return when ibi happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and mac filter support (bsc#1215458).
* idpf: add rx splitq napi poll support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: add sriov support and other ndo_ops (bsc#1215458).
* idpf: add tx splitq napi poll support (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for rx queues (bsc#1215458).
* idpf: configure resources for tx queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-
fixes).
* iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-
fixes).
* input: xpad - add vid for turtle beach controllers (git-fixes).
* irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
* kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is
built since sle15-sp3 but it is not shipped as part of any sle product, only
in leap (in kernel-*-optional).
* kernel-binary: suse-module-tools is also required when installed
requires(pre) adds dependency for the specific sciptlet. however, suse-
module-tools also ships modprobe.d files which may be needed at posttrans
time or any time the kernel is on the system for generating ramdisk. add
plain requires as well.
* kernel-source: move provides after sources
* leds: pwm: do not disable the pwm when the led should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: do not use smbus calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: correctly initialise try compose rectangle (git-fixes).
* media: ccs: fix driver quirk struct documentation (git-fixes).
* media: cedrus: fix clock/reset sequence (git-fixes).
* media: cobalt: use field_get() to extract link width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-
fixes).
* mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: fix double put in dln2_probe (git-fixes).
* misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
* misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237,
git-fixes).
* mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
* mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
* mmc: block: retry commands in cqe error recovery (git-fixes).
* mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
* mmc: cqhci: increase recovery halt timeout (git-fixes).
* mmc: cqhci: warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
* mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-
fixes).
* mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-
fixes).
* mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee module_device_table built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
* mtd: rawnand: arasan: include ecc syndrome along with in-band data while
checking for ecc failure (git-fixes).
* net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: avoid address overwrite in kernel_connect (bsc#1216861).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: ieee802154: adf7242: fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* nvme: update firmware version after commit (bsc#1215292).
* pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
* pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
* pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
* pci: extract ats disabling to a helper function (bsc#1215458).
* pci: exynos: do not discard .remove() callback (git-fixes).
* pci: keystone: do not discard .probe() callback (git-fixes).
* pci: keystone: do not discard .remove() callback (git-fixes).
* pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-
fixes).
* pci: tegra194: use field_get()/field_prep() with link width fields (git-
fixes).
* pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
* pci: use field_get() to extract link width (git-fixes).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-
fixes).
* platform/x86: wmi: fix opening of char device (git-fixes).
* platform/x86: wmi: fix probe failure when failing to register wmi devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
* pm: hibernate: use __get_safe_page() rather than touching the list (git-
fixes).
* powerpc: do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
* pwm: fix double shift bug (git-fixes).
* pwm: sti: reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
* r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
* r8152: release firmware if we have an error in probe (git-fixes).
* r8152: run the unload routine if we have errors during probe (git-fixes).
* regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
* regmap: ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* revert "i2c: pxa: move to generic gpio recovery" (git-fixes).
* revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes).
* rpm/check-for-config-changes: add as_wruss to ignored_configs_re add
as_wruss as an ignored_configs_re entry in check-for-config-changes to fix
build on x86_32. there was a fix submitted to upstream but it was not
accepted:
https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/
so carry this in ignored_configs_re instead.
* rpm/check-for-config-changes: add have_shadow_call_stack to
ignored_configs_re not supported by our compiler.
* rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
* s390/ap: fix ap bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (ltc#203997
bsc#1217086).
* s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for erp requests (git-fixes
bsc#1217598).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(ltc#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(ltc#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix ptrace_get_last_break error handling (git-fixes
bsc#1217599).
* sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: correct maximum pci function value for ras fw logging
(bsc#1217731).
* scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
* scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: reject received prlis with only initiator fcn role for npiv
ports (bsc#1217124).
* scsi: lpfc: remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
* scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: use field_get() to extract pcie capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: fix ksft print formats (git-fixes).
* selftests/resctrl: ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-
fixes).
* selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial
cards" (git-fixes).
* serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* treewide: spelling fix in comment (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
* tty: 8250: add support for additional brainboxes px cards (git-fixes).
* tty: 8250: add support for additional brainboxes uc cards (git-fixes).
* tty: 8250: add support for brainboxes up cards (git-fixes).
* tty: 8250: add support for intashield is-100 (git-fixes).
* tty: 8250: add support for intashield ix cards (git-fixes).
* tty: 8250: fix port count of px-257 (git-fixes).
* tty: 8250: fix up px-803/px-857 (git-fixes).
* tty: 8250: remove uc-257 and uc-431 (git-fixes).
* tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
* usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
* usb: chipidea: fix dma overwrite for tegra (git-fixes).
* usb: chipidea: simplify tegra dma alignment code (git-fixes).
* usb: dwc2: fix possible null pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc2: write hcint with intmask applied (bsc#1214286).
* usb: dwc3: fix default mode initialization (git-fixes).
* usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
* usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: serial: option: add fibocom l7xx modules (git-fixes).
* usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
* usb: serial: option: fix fm101r-gl defines (git-fixes).
* usb: storage: set 1.50 as the lower bcddevice for older "super top"
compatibility (git-fixes).
* usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
* usb: usbip: fix stub_dev hub disconnect (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: do not touch the ce interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
* wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
* wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
* x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-
fixes).
* x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: make hv_get_nmi_reason public (git-fixes).
* x86/sev: do not try to parse for the cc blob on non-amd hardware (git-
fixes).
* x86/sev: fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: use the ghcb protocol when available for snp cpuid requests (git-
fixes).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert agf log flags to unsigned (git-fixes).
* xfs: convert agi log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize ag block number formatting in ftrace output (git-fixes).
* xfs: standardize ag number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: enable rpm on controllers that support low-power states (git-fixes).
* xhci: loosen rpm as default policy to cover for amd xhc 1.1 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4782=1 openSUSE-SLE-15.4-2023-4782=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4782=1

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64)
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* ocfs2-kmp-azure-5.14.21-150400.14.75.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-optional-5.14.21-150400.14.75.1
* gfs2-kmp-azure-5.14.21-150400.14.75.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.75.1
* cluster-md-kmp-azure-5.14.21-150400.14.75.1
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.75.1
* kernel-syms-azure-5.14.21-150400.14.75.1
* kernel-azure-debugsource-5.14.21-150400.14.75.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.75.1
* dlm-kmp-azure-5.14.21-150400.14.75.1
* kselftests-kmp-azure-5.14.21-150400.14.75.1
* kernel-azure-devel-5.14.21-150400.14.75.1
* kernel-azure-extra-5.14.21-150400.14.75.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* reiserfs-kmp-azure-5.14.21-150400.14.75.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.75.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.75.1
* kernel-source-azure-5.14.21-150400.14.75.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.75.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.75.1
* kernel-syms-azure-5.14.21-150400.14.75.1
* kernel-azure-devel-5.14.21-150400.14.75.1
* kernel-azure-debugsource-5.14.21-150400.14.75.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.75.1
* kernel-source-azure-5.14.21-150400.14.75.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237



SUSE-SU-2023:4787-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2023:4787-1
Rating: important
References:

* bsc#1217765
* bsc#1217766

Cross-References:

* CVE-2023-6377
* CVE-2023-6478

CVSS scores:

* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button
actions(bsc#1217765).
* CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (bsc#1217766).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4787=1 openSUSE-SLE-15.5-2023-4787=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4787=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4787=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-Xvfb-21.1.4-150500.7.10.1
* xorg-x11-server-extra-21.1.4-150500.7.10.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-debugsource-21.1.4-150500.7.10.1
* xorg-x11-server-sdk-21.1.4-150500.7.10.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-source-21.1.4-150500.7.10.1
* xorg-x11-server-21.1.4-150500.7.10.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-Xvfb-21.1.4-150500.7.10.1
* xorg-x11-server-extra-21.1.4-150500.7.10.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-debugsource-21.1.4-150500.7.10.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-21.1.4-150500.7.10.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-21.1.4-150500.7.10.1
* xorg-x11-server-sdk-21.1.4-150500.7.10.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.10.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766



SUSE-SU-2023:4791-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2023:4791-1
Rating: important
References:

* bsc#1217765
* bsc#1217766

Cross-References:

* CVE-2023-6377
* CVE-2023-6478

CVSS scores:

* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
* CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (bsc#1217766).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4791=1 openSUSE-SLE-15.4-2023-4791=1

* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4791=1

* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4791=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-source-1.20.3-150400.38.32.1
* xorg-x11-server-debugsource-1.20.3-150400.38.32.1
* xorg-x11-server-1.20.3-150400.38.32.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.32.1
* xorg-x11-server-extra-1.20.3-150400.38.32.1
* xorg-x11-server-sdk-1.20.3-150400.38.32.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.32.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-1.20.3-150400.38.32.1
* xorg-x11-server-1.20.3-150400.38.32.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.32.1
* xorg-x11-server-extra-1.20.3-150400.38.32.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.32.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-1.20.3-150400.38.32.1
* xorg-x11-server-sdk-1.20.3-150400.38.32.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.32.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766



SUSE-SU-2023:4775-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:4775-1
Rating: important
References:

* bsc#1215097
* bsc#1215442
* bsc#1215519
* bsc#1215971

Cross-References:

* CVE-2023-2163
* CVE-2023-3777
* CVE-2023-4622
* CVE-2023-5345

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_18 fixes several issues.

The following security issues were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215971)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4775=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4779=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4779=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_13-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_15_53-rt-3-150400.2.1
* kernel-livepatch-5_14_21-150400_15_53-rt-debuginfo-3-150400.2.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_18-rt-3-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_18-rt-3-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
* https://bugzilla.suse.com/show_bug.cgi?id=1215971



SUSE-SU-2023:4781-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:4781-1
Rating: important
References:

* bsc#1215097

Cross-References:

* CVE-2023-3777

CVSS scores:

* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_24 fixes one issue.

The following security issue was fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4781=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4781=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-2-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097



SUSE-SU-2023:4788-1: important: Security update for xwayland


# Security update for xwayland

Announcement ID: SUSE-SU-2023:4788-1
Rating: important
References:

* bsc#1217765
* bsc#1217766

Cross-References:

* CVE-2023-6377
* CVE-2023-6478

CVSS scores:

* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button
actions(bsc#1217765).
* CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (bsc#1217766).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4788=1 openSUSE-SLE-15.5-2023-4788=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4788=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-debuginfo-22.1.5-150500.7.8.1
* xwayland-debugsource-22.1.5-150500.7.8.1
* xwayland-devel-22.1.5-150500.7.8.1
* xwayland-22.1.5-150500.7.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* xwayland-debuginfo-22.1.5-150500.7.8.1
* xwayland-debugsource-22.1.5-150500.7.8.1
* xwayland-22.1.5-150500.7.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766